Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/10/2024, 03:46

General

  • Target

    f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe

  • Size

    238KB

  • MD5

    48283a908d6695618f0bd9db318f8790

  • SHA1

    ab13ffdad3378e8bb5ad461578abd5a0832b4fdc

  • SHA256

    f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73

  • SHA512

    a1c9170dae3d9de80c80174c7f5da47df9f8bdcefd5730f0d0229b72ef3caa86413047d58f464813867be1bf41743400be59b060bca0cfe488857806e0de3fc1

  • SSDEEP

    3072:fny1tE/sitCab47kATGB1HtE/sitCab47kATGB1o:KbEn/bNEn/bo

Malware Config

Signatures

  • Renames multiple (2592) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends a new extension to each.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe
    "C:\Users\Admin\AppData\Local\Temp\f6cd12da23cd08fecfaf01cd3d39c69d3a6beae29018c243e1424db807a8fb73N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1964

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

    Filesize

    238KB

    MD5

    9d529dd31421a3c63ec56b88d32ebf22

    SHA1

    208f5bef4abeb8f3ff0f935a13742e7856701a7c

    SHA256

    9973c93617c8ab6e5ee47f467c38683e0aa42fec7478ba480b3a4276be7ce673

    SHA512

    9701af27d4aba7d22edffff48f1428b1b9076a35b292ef0c431b6471219162fe00434fcb7ec0ec802dc738cfce8ce96b99f2db9adce9a37f8fc3bbf88e920dc9

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    247KB

    MD5

    499e0fa21bf8d9c2dda6878abe9f2646

    SHA1

    48816b441500d74efea6730dff64e81c629d51e6

    SHA256

    a8bddd803e196c0271eea39a040070ef5d9a5e1fac8a11195261f4f807864050

    SHA512

    a4b222bdafa6f6717f9cccac2a1d6474ce9c600e59e9e9d3e97014f0fec7735d3af44c7e1ba7c8e789bcf00a6bb2337e11141caa8790d0a11f99de74bfce0b04

  • memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1964-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB